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TITLE OF THE INVENTION : 

APPARATUS AND METHOD FOR SECURE FIELD UPGRADABILITY 
REFERENCE TO RELATED APPLICATIONS : 

This application claims priority of United States Provisional Patent 
5 Application Serial No. 60/162,209 filed on October 29,. 1999. United States 
Provisional Patent Application Serial No. 60/162,157 filed on October 29, 
1999, and United States Provisional Patent Application Serial No. 60/193,378 
filed on March 21 , 2000. The contents of these earlier filed applications are 
hereby incorporated by reference. 

10 BACKGROUND OF THE INVENTION : 
Field of the Invention: 

The invention relates to a method and apparatus for selectively and 
securely enabling additional functionality of an electronic component not 
expressly enabled at the manufacturing or design stages based upon 

15 cryptography principles. 

Description of the Related Art: 

Cryptography is generally defined as the technology of encoding 
information so that the information itself, upon storage and/or transmission, 
can only be accessed by individuals authorized to utilize the information. 

20 Cryptography has wide ranging application in various fields and 
implementations. For example, cryptography can be used to encrypt a 
sensitive data file, such as a business plan, so that other parties, such as 
competitors, even if they gain access to the physical location of the data, 
cannot take advantage of the content of the data. Additionally, cryptography 
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is regularly used to send and receive secure messages between users via e- 
mail, radio transmission, and satellite communications, along with many other 
data transmission links. In implementing these types of cryptographic 
systems, various "types" of cryptography are used. For example, private key 
5 cryptography is a type of cryptography where the sender and receiver both 
have the same key or similar keys, which are used to decode the encrypted 
message/data. Alternatively, public key cryptography is a form of 
cryptography in which each user has a public key and a private key, and 
therefore, messages are sent encrypted with the receiver's public key and 

1 0 the receiver decrypts the messages through use of the private key. Using the 
public key method, the private key is generally not revealed to anyone other 
than the intended users and/or recipients of the information. Another form of 
cryptography is symmetric key cryptography, which is often used in computer 
transmission related situations, wherein both ends have the same encryption 

1 5 key, which is used for encryption and decryption. 

Furthermore, although general cryptography has been a practiced art 
for nearly 1 00 years, recent advances in computer related technologies have 
opened a whole new realm of applications for cryptography. For example, 
given current computer technology, cryptographic methods are often 

20 implemented in various software applications in order to enable and/or 
disable access to selected software and/or hardware functions. However, 
software driven cryptographic functions have an inherent degree of 
vulnerability as a result of their code driven nature. 

One particular area where cryptographic methods have been recently 
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used is in the computer hardware enablement field. Although previous 
implementations such as physical jumpers and secret registers are effective 
from a physical point of view, these methods are unsecured, and therefore, 
impractical for most computer applications, as they can easily be bypassed 
5 by a clever user. An example of the use of these types of methods is when 
manufacturers of electronic/computer components manufacture components 
having various ranges of capabilities and options, as evidenced by the 
different models of the product. However, in view of the cost associated with 
producing multiple variations/models of a product in order to create the range 

10 of capabilities desired by consumers, manufacturers often produce a single 
product capable of executing all of the desired functions of the entire product 
line. This product is then sold as the "top of the line" model Then, in order 
to generate the "lower"' models, the top of the line model is simply sold with 
one or more of the features disabled. Therefore, through this technique, 

1 5 manufacturers are generally able to manufacture a single product line having 
a single design and manufacturing cost, wherein the single product is capable 
of supporting numerous product models in a product line. 

This process has a second advantage, as the manufacturer is then 
able to offer consumers the option of upgrading their product, without having 

20 to physically exchange the hardware for an upgraded model. Rather, the 
manufacturers can simply enable the desired functions of the hardware in 
order to upgrade the product. However, this advantage comes with an 
inherent disadvantage, as a consumer who knows that the product purchased 
includes disabled upgrades may attempt to enable the additional functionality 
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of the product without the manufacturer's permission, which eliminates or at 
least reduces the possibility of the manufacturer obtaining compensation for 
the upgraded product. This situation has been attempted to be addressed 
through previous functionality enablement methods (jumpers and private 
5 registers), however, the vulnerability of these methods has been shown to be 
nearly ineffective against a reasonably sophisticated attacker. 

Therefore, in view of the vulnerability of previous enablement methods 
in conjunction with the desired manufacturing methods for 
electronic/computer related products, it is an object of the present invention 
10 to implement a cryptographic method wherein the secure portions of the 
method, e.g. the relevant keys, are implemented in electronic/computer 
products. Secure, for purposes of cryptographic enablement, is generally 
defined as the point where the cost of obtaining unauthorized access to a 
component exceeds the cost associated with obtaining authorized access. 
15 More particularly, it is an object of the present invention to implement 
cryptographic functions for enabling functionality of electronic/computer 
related components, wherein the relevant secure key related information is 
contained within computer hardware in a non-volatile memory device and not 
within a purely software driven configuration. Further still, it is an object of 
20 the present invention to provide the ability to conduct secure functionality 
enablement on electronic/computer related components, wherein a public key 
for enabling the component is contained onboard and utilized in conjunction 
with a randomly generated component identifier in order to selectively enable 
additional functionality of the component. 
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SUMMARY OF THE INVENTION : 

The present invention provides an apparatus for enabling functionality 
of a component, wherein the apparatus includes an identification module 
having an identification number stored therein, and a hash function module 
5 in communication with the identification module. A host is provided and is in 
communication with the identification module, and a guess register in 
communication with the host is provided. An encryption module is provided 
and is in communication with the guess register, and a public key module in 
communication with the encryption module is provided, wherein the public key 

1 0 module has a public key stored therein. A comparator in communication with 
the encryption module and the hash function module is provided, such that 
the comparator may compare a first bit string to a second bit string to 
generate a function enable output for the component. 

The present invention further provides a component for selectively 

15 enabling functionality of an electronic device, wherein the component 
includes a means for generating an encrypted bit string, a means for 
acquiring a guess passcode, and a hash function module in communication 
with an on board memory, wherein the on board memory has a predefined 
identification number stored therein. A means for determining if the 

20 encrypted bit string matches the guess passcode is provided, and a means 
for outputting a functionality enable signal is included. 

The present invention further provides a method for enabling 
functionality of an electronic component, wherein the method includes the 
steps of encrypting a first bit string and a second bit string to generate a third 
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bit string, calculating a fourth bit string, comparing the fourth bit string to the 
third bit string, and generating a function enable signal in accordance with the 
comparison. 

The invention also includes an apparatus for enabling functionality of 
5 a component, with the apparatus comprising at least one memory, and an 
encryption module in communication with the at least one memory. A host 
processor is in communication with the at least one memory, and a comparing 
device is in communication with the encryption module and the at least one 
memory. The comparing device is configured to compare a guess passcode 
10 to a bit string generated by the encryption module in order to generate an 
enable output. 

The invention also includes a method for enabling functionality of an 
electronic component, with the method comprising the steps of enabling a first 
bit string and a second bit string to generate an encrypted bit string, then 

1 5 determining a guess passcode. The guess passcode is compared to the 
encrypted bit string. A function enable signal is then generated in 
accordance with the comparison. 

The invention also includes an apparatus for enabling functionality of 
a component, with the apparatus comprising a comparing device having at . 

20 least one input and an output, and a memory for receiving and storing at least 
one bit string therein. The memory has a memory output in communication 
with the comparing device. A guess register is provided for receiving a guess 
passcode. The guess register has a guess passcode input and a guess 
passcode output. The guess passcode output is in communication with the 
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comparing device. A host is in communication with the guess register. The 
host is configured to receive and transmit the guess passcode to the guess 
register so that the guess passcode can be compared to the at least one bit 
string stored in the memory. The memory includes a physical limitation 
5 preventing unauthorized extraction of the at least one bit string stored within 
the memory. 

The invention also includes a method for enabling at least one function 
of a component, with the method comprising the steps of storing a component 
identification number and a key in a non-volatile memory on board the 

10 component. A bit string is then transmitted, composed of the key, to a first 
input of a comparing device. A manufacturer's key is transmitted, 
corresponding to the component identification number, to a second input of 
the comparing device. The bit string is then compared to the manufacturer's 
key to generate an enable output. The non-volatile memory is manufactured 

15 with a physical limitation for preventing an attacker from extracting 
information from the non-volatile memory. 

The invention also includes a method for selectively enabling 
functionality of an electronic component, with the method comprising the 
steps of storing a bit string in an onboard memory of a component, then 

20 determining the manufacturer's key. The bit string is compared to the 
determined manufacturer's key, and functionality of the component is enabled 
in accordance with the comparison. 

The invention also includes an apparatus for enabling functionality of 
an electronic component, with the apparatus comprising at least one means 
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for storing a bit string, and means for transmitting and receiving information. 
The means for transmitting and receiving information is in communication with 
the means for storing. The means are provided for comparing a predefined 
bit string with a guess bit string. The means for comparing being in 
5 communication with the at least one means for storing. The means for 
comparing receives at least two inputs from the at least one means for storing 
and compares the at least two inputs to determine an enable output for the 
electronic component. 

The invention also includes an apparatus for enabling functionality of 

10 a component, with the apparatus comprising a random number generating 
module for generating a random number, and a hash function module in 
communication with the random number generating module. A host is in 
communication with the random number generating module, and at least one 
memory is in communication with the host. An encryption module is provided, 

15 in communication with the at least one memory. A comparing device is in 
communication with the encryption module and the hash function module. 
The comparing device compares a first bit string to a second bit string to 
generate a function enable output for the component. 

The invention also includes a component for selectably enabling 

20 functionality of an electronic device, with the component including the various 
means noted above. 

The invention also includes a method for enabling functionality of an 
electronic component, with the method comprising the steps of generating a 
random number, and calculating a first bit string from the random number. A 
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second bit string is then determined, corresponding to the random number. 
The second bit string is then encrypted with a public key to generate a third 
bit string. The third bit string is compared to the first bit string to determine 
a match. A function enable signal is output, in accordance with the 
5 comparison. 

BRIEF DESCRIPTION OF THE DRAWINGS : 

The objects and features of the invention will be more readily 
understood with reference to the following description and the attached 
drawings, wherein: 

10 Figure 1 illustrates an exemplary unique key function enabler 

according to the invention ; 

Figure 2 illustrates an exemplary secret key function enabler according 
to the invention; 

Figure 3 illustrates an exemplary public key encryption enabler 
1 5 according to the invention; and 

Figure 4 illustrates an exemplary public key enabler with a random 
number generator according to the invention. 

DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS : 

The present invention is directed to an apparatus and method for 
20 enabling functionality of an electronic component, wherein the enablement 
process is configured to be secure from attack by an unauthorized party. For 
purposes of explanation, the present invention will be described with respect 
to a computer component. However, it is understood that the present 
description with regard to a computer component is for explanatory purposes 



WO 01/33768 PCT7US00/26275 

10 

only, and therefore, is in no way limiting upon the present invention, as use 
of the present invention with various general electronic components is 
expressly contemplated within the scope of the present invention. 

As an example of the present invention, a manufacturer of computer 
5 components manufactures a component, such as a network switch, for 
example. The network switch may be a single integrated circuit, or a plurality 
of components connected together. This component could include the basic 
capabilities to conduct packet switching, but also could have the ability to 
execute optional functions such as filtering, metering, head of line blocking, 

10 stacking, trunking, and/or load balancing, for example. However, not all 
customers are interested in purchasing a network switch with each of the 
above noted functions, as some customers may desire to purchase a network 
switch having only the ability to conduct network switching and filtering 
without the additional features. For this customer, the manufacturer is faced 

1 5 with two distinct options: first, design and manufacture a separate component 
capable of only switching and filtering, and then market and sell this 
component to this type or group of customers desiring only these particular 
features; or second, selling this customer the previously designed and 
manufactured component capable of conducting all of the above noted 

20 features, but only enable the features desired by the particular customer. In 
this situation, it is nearly always more economical for the manufacturer to sell 
the customer the component with the capability to conduct all of the functions 
with certain functions disabled, as designing and manufacturing a separate 
component with only the desired functions includes additional design and 
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manufacturing costs which can be avoided by simply using a previously 
designed and manufactured component that is capable of at least the desired 
functions. 

Therefore, in view of this situation, manufacturers regularly design 
5 components with the ability to selectively enable/disable various 
functionalities of the components, so that a single component can be sold to 
a wide range of customers having different component needs. If a customer 
desires additional functionality, an upgrade can be offered from the 
manufacturer simply by enabling the "dormant" functionality of the 

10 component. However, this flexibility in manufacturing inherently creates 
opportunity for unauthorized parties to purchase a component with various 
features disabled at a lower cost, and thereafter, attempt to enable the full 
functionality of the component without authorization from the manufacturer. 
Further still, this flexibility offers an unauthorized party the potential to 

15 determine a "passcode" for an entire product line or a manufacturer, and 
thereafter, market and sell upgrades for that product line without the 
manufacturers permission, thereby eliminating the manufacturer from the 
upgrade process for a multitude of customers. 

A first embodiment of the present invention, shown in Figure 1, is 

20 configured to minimize the possibility of an unauthorized user being able to 
"attack" the component and enable the optional functions of the component 
without true authorization from the manufacturer. Figure 1 generally 
illustrates an exemplary configuration of a function enabler 1 5 of the present 
invention. The exemplary function enabler 15 is generally positioned on- 
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board the computer or electronic component for which it is configured to 
enable various functions. Function enabler 15 includes a non-volatile 
memory 16, which may be in the form of a 96 bit unique unpredictable non- 
volatile register in the present exemplary configuration. Non-volatile memory 
5 16 is generally characterized as a memory and/or register wherein the 
bits/information contained therein are programmed at the factory and are not 
visible to the user as a result of a physical limitation implemented at the 
factory. This type of physical limitation generally comprises manufacturing 
the register such that the contents therein are not readily accessible through 

1 0 the pins of the component or chip. In the present exemplary embodiment, 
non-volatile memory 16 can be programmed with, for example, a component 
identification number at the factory. Additionally, non-volatile memory 16 may 
be programmed with a unique key, which can be used to "unlock" or enable 
additional functions of the component, if the user inputs a key that 

15 corresponds to the unique key programmed at the factory. Non-volatile 
memory 16 is in communication with an interface 17 through, for example, a 
one way connection, and therefore, non-volatile memory 16 may send 
information to interface 17 but not receive information from interface 17 or be 
modified by input from interface 17. Interface 17 is also in communication 

20 with a host 1 8 through, for example, a bi-directional communication. An 
output of interface 1 7 is in communication with an input of a register 1 9, which 
is termed a "guess register" in the present exemplary embodiment. An output 
of guess register 1 9 is in communication with a first input 20a of a comparator 
20. A second input 20b is in communication with non-volatile memory 16 
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through a one-way connection in the direction of comparator 20. The output 
of comparator 20 is in communication with a first input 21a of a multiplexer 
21 . Second input 21 b of multiplexer 21 is in communication with a selection 
circuit 22. Selection circuit 22 includes an OR gate 23 having an inverted 
5 input, wherein OR gate 23 is in communication with additional non-volatile 
memory bits 24. A third input 21c of multiplexer 21 is in communication with 
a bonding option circuit 25, which includes an appropriately sized pull up 
resistor 26 and a switch 27. 

In operation, for example, non-volatile memory 16 of function enabler 

10 15 may be preprogrammed at the factory with both a unique component 
identification number and a unique key. Therefore, for example, 'assuming 
that the component is a network switch, the network switch unique 
identification number may be a 32 bit identification number or serial number 
of the network switch. Furthermore, assuming that non-volatile memory 16 

1 5 constitutes a 96 bit non-volatile register, then the unique key associated with 
the network switch could be a 64 bit field stored in the register, which is 
generally generated through a random number-type process. However, 
although a 96 bit non-volatile register having a 32 bit identification number 
and a 64 bit unique key therein are presented as the present example, 

20 various other register sizes, as well as key and identification lengths, are 
contemplated within the scope of the present invention. When the userof the 
network switch desires to enable additional functions of the network switch, 
the user first must contact the manufacturer, or other party having 
access/ability to determine an appropriate passcode, to obtain an appropriate 
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key or password to enable the desired functions of the network switch. 
Although the manufacturer is discussed as the party transmitting the 
passcode to the component, the present invention contemplates that various 
other parties are easily substituted for the manufacturer. The function of 
5 contacting the manufacturer is generally accomplished through host 1 8, which 
determines the identification number associated with the component/network 
switch through communication with non-volatile memory 1 6 via interface 1 7. 
This identification number corresponding to the particular component is then 
sent to the manufacturer by host 18, for example, with an accompanying 

10 request for a password or key corresponding to the requested additional 
functionality of the network switch. Generally, the transmission of the request 
for a password or key also may include an agreement between the user and 
the manufacturer for the user to compensate the manufacturer for the 
additional functionality to be enabled in the network switch. This 

1 5 compensation arrangement may include a transaction that occurs before the 
functionality is enabled, or alternatively, a transaction that takes place at the 
time the password/key is transmitted to the customer. The manufacturer 
receives the request information and determines the appropriate 
manufacturers key for the particular component and sends this key back to 

20 host 1 8. This entire process of communicating with the manufacturer in order 
to obtain a key may be undertaken, for example, through an internet 
connection, a direct dial data connection, or through a voice telephone call, 
as well as other known communication techniques. Host 18, upon receiving 
the key from the manufacturer, then sends the manufacturers key to interface 
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17, which transmits the manufacturer's key to register 19. Register 19 
communicates the manufacturers key to the first input 20a of comparator 20. 
Additionally, non-volatile memory 16 transmits the unique key that was 
initially stored in non-volatile memory 16 during manufacture of the network 
5 switch to the second input 20b of comparator 20. Comparator 20, or other 
suitable device for comparing numbers, then compares the manufacturers key 
received from the guess register 1 9 to the unique key stored in non-volatile 
memory 16 to determine if the respective keys match. If the keys match, 
comparator 20 sends an enable signal to multiplexer 21 through a first input 

10 21 a to multiplexer 21. A second input 21b of multiplexer 21 receives an input 
from selection circuit 22. Selection circuit 22 determines whether multiplexer 
21 uses the input from comparator 20 or bonding option circuit 25. For 
example, if the non-volatile memory 16 is programmed, then the additional 
non-volatile bits 24 may be programmed to a logical "1" and "0" respectively 

15 such that the enable signal generated by comparator 20 is selected. 
Alternatively, for example, both additional non-volatile bits 24 may 
programmed to either logical "1" or "0" such that the enable signal is selected 
from the bonding option circuit 25. Therefore, the bonding option in 
conjunction with the selection circuit offers a manufacturer the flexibility to 

20 selectively enable functionality of the network switch subsequent to the 
design phase of manufacturing. Additionally, the present invention 
contemplates that in order to detect any errors that may have occurred in the 
process of enablement of a function, host 18 may be used to determine 
whether the process was success. In particular, host 1 8 may initiate a testing 



WO 01/33768 PCT7US00/26275 

16 

of the enabled functionality to determine if the enablement process was 
successful, or alternatively, the output of comparator 20 or multiplexer 21 
may be observed by host 18 in order to determine if the function enable 
signal was properly generated. 
5 This configuration may be implemented on a component and tied to 

multiple functions, or alternatively, tied to individual functions of the 
component. Therefore, a single enabler circuit may enable a single function 
or multiple functions, and conversely, multiple enabler circuits may be used 
to individually enable a plurality of functions. Therefore, function enabler 15 

10 provides the flexibility for manufacturers to selectively enable a single 
function of a component through a secure key, or alternatively, multiple 
functions at a time. However, in order to effectively implement this 
configuration, the manufacturer is generally required to closely monitor the 
design and manufacturing phases of the respective components. More 

15 particularly, the manufacturer must generally record each unique 
manufacturers key programmed into non-volatile memory 16 on every 
component, so that when individual users contact the manufacturer for 
permission to enable additional functionality of components in the users 
system, then the manufacturer can readily provide the correct password or 

20 key to be transmitted to guess register 1 9. As an alternative to storing every 
key of every component at the manufacturer, it is also contemplated that the 
manufacturer may simply store an algorithm configured to generate the 
unique key stored in non-volatile memory 16 during the manufacturing stage. 
Therefore, in this situation, when the manufacturer receives a request from 
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a host for a manufacturers key, the manufacturer can simply determine an 
appropriate algorithm to use from the identification number of the component, 
calculate the key using the appropriate algorithm, and transmit the key to the 
user for implementation. This configuration is desirable, as the memory 
5 space required to store each and every key implemented in the 
manufacturing phase can be substantial, and is avoided by the algorithm 
approach. In addition to monitoring the manufacturing process, the 
manufacturer must also carefully select the key length. If a sufficiently long 
key length is not selected, then an attacker may simply be able to try all 
10 possible key combinations in order to enable the functionality of the 

0 

component. This type of attack is referred to as a brute force attack, and will 
be discussed herein. However, an overly long key is not desirable, as the 
computation time necessary to process an overly long key may render the 
system inefficient. Additionally, overly long keys increase the necessary on- 

15 chip overhead, and therefore, increase the manufacturing cost. Therefore, 
key length selection is important to effective operation of the present 
invention. In selecting an appropriate key length, manufacturers may 
consider the available processing power of computers and components, as 
well as anticipated computing power in the lifetime of the component, as an 

20 attacker will almost always employ a computer to launch a brute force attack. 

In another embodiment of the present invention, as shown in Figure 2, 
the necessity to utilize non-volatile memory for enabling functionality of a 
component is removed. As such, the requirement of the previous 
embodiment to pre-program each and every component at the manufacturing 
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stage with the unique key used to enable additional functions of the 
component is eliminated. The embodiment shown in Figure 2 relies upon the 
assumption that every component manufactured is associated with a unique 
identification and/or property that is not common to any other component. For 
5 example, a media access controller (MAC) is generally programmed at the 
manufacturing level, or alternatively, by the user, with a 48 bit address that 
is unique to the particular MAC. This unique identification number would be 
used in the embodiment of Figure 2 to avoid the problem associated with a 
person attacking a single component and discovering the passcode for that 
1 0 single component and using this passcode to enable every other component 
in the particular series of components, as the passcode of the embodiment 
of Figure 2 is dependent not only upon a secret key stored on-board the 
component, but also the identification number. This process is generally 
referred to as symmetric cipher encryption, and is also called secret key 
15 encryption. 

Although secret key encryption such as that which is illustrated in 
Figure 2 has certain advantages over the embodiment of Figure 1, the 
security of secret key/symmetric cryptosystems is dependent upon two things: 
first, the relative strength of the encryption algorithm employed; and second, 
20 the bit length of the key used. Therefore, assuming that a relatively strong 
algorithm is employed in a secret key system, the vulnerability of the system 
is again a function of the key length, as the most efficient method of breaking 
the system would likely be through a brute force attack on the system. In 
order for an attacker to put forth such an attack, only a small portion of 
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ciphertext along with the corresponding plaintext is needed to begin. 
Thereafter, the attacker simply attempts every possible passcode 
combination until the correct passcode is found. This process is generally 
accomplished through the use of a computer programmed to try every 
5 possible passcode. As such, the time needed to determine a passcode is 
clearly dependent upon both the computing speed of the attackers computer 
as well as the length of the key, which plainly determines the number of 
possible combinations. Therefore, if the key selected for the system were an 
8 bit key, then there would be only 256 possible passcode combinations, 

1 0 which a standard computer could guess in a fraction of a second. However, 
as the key length increases, the number of combinations obviously increases, 
which plainly serves to decrease the possibility of "guessing" the passcode 
through a brute force attack. Although no passcode is guaranteed to be 
secure, as any length passcode can eventually be guessed with enough time, 

15 if a key is sufficiently long, it is unfeasible to attempt to guess the passcode 
through a brute force approach. For example, if a 56 bit key is employed, 

then there are 2 56 possible passcode combinations. With this many possible 

keys, a computer attempting 1 million keys a second would likely take 2,285 
years to find the correct key. If the key were increased to 64 bits long, then 
20 the same computer would take about 585,000 years to guess the passcode. 
Therefore, again, assuming a relatively strong algorithm, if the key is chosen 
to be sufficiently long in view of the available computing power, then the 
secret key system will likely be successful, as a brute force attack would be 
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unfeasible in view of the required time to guess the key. Further, not only 
must the key length be chosen to be sufficiently long to deter a brute force 
attack, but the key must also be selected to be sufficiently short such that the 
computation time involved with using the key is not overwhelming. Therefore, 
5 again, the selection of the key length should be* based primarily upon the 
available computing power, both presently and in the expected lifetime of the 
key. 

Figure 2 illustrates an exemplary implementation of symmetric cipher 
encryption using a secret key and a identification number in the present 

10 invention. In this embodiment, a secret key function enabler 32 includes 
memory 28, which is not required to be non-volatile memory as used in the 
previous embodiment. Memory 28 is again used to store a component 
identification number, as discussed above, which may be selected by the 
user, however, memory 28 does not store a key of any sort in the present 

15 exemplary embodiment. The identification number, which, for example, can 
be a 32 bit number, is transmitted from memory 28 to a hash function module 
29. Hash function module 29 is configured to receive the input from memory 
28, which is termed a pre-image input, which in the embodiment of Figure 2, 
represents the component's identification number, and output a hash value. 

20 In the present exemplary embodiment hash function module 29 is shown as 
a one-way hash function module, which is also known generally as a 
cryptographic compression function, cryptographic contraction function, a 
cryptographic message digest, and/or a cryptographic checksum. 

A one-way hash function is designed to compute a hash value from 
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pre-image inputs. However, the strength of a one-way hash function is that 
it is easy to compute a hash value from pre-image inputs, but extremely 
difficult to compute the pre-image inputs that will computationally hash to a 
particular hash value. Additionally, a one-way hash function is generally 
5 collision free, which indicates that it is difficult to generate different pre-image 
inputs that will hash to the same hash value. Further, a one-way hash 
function is generally public, and therefore, there is generally very little 
secrecy to the process. As such, the security of a one-way hash function lies 
within the "one-way" function characteristics of the hash function and not the 

10 availability of the hash function. More particularly, the output of a one-way 
hash function not dependent upon the input in any discernable way, and 
therefore, if a single bit in the pre-image changes, then, on average, half of 
the hash value bits are expected to change. Therefore, even if an attacker 
is given a hash value, it is computationally unlikely that the attacker will be 

15 able to determine the pre-image inputs to a one-way hash function that 
generate the hash value within a reasonable time period. 

However, in the present exemplary embodiment, hash function module 
29 is an optional feature of the invention, as this module can be removed from 
the embodiment without substantially degrading the operational 

20 characteristics of the invention. Nonetheless, hash function module 29 is 
implemented in the present exemplary embodiment in order to increase the 
functional security of the system, as well as allowing the option of reducing 
the sheer size of the pre-image input. This is a practical decision, however, 
as pre-image inputs are often lengthy, and therefore, it is often desirable to 
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reduce the bit size of the inputs for encryption. Although a 128 bit field, for 
example, is generally not unusually long for many encryption applications, it 
may be computationally burdensome for smaller/less powerful applications, 
and therefore, hash function module 29 may be utilized to reduce the length 
5 of the bit stream in order to save computation time and resources. Further, 
with regard to the increased functional security of the system, the use of the 
hash function within the embodiment of Figure 2 additionally operates to deter 
an attacker from compromising the system using the known "chosen cipher 
text" attack. 

10 Generally , an example of the chosen cipher text attack is when an 

attacker of the component sends dummy cipher text to the manufacturer 
under the guise of a genuine customer attempting to upgrade a component. 
The manufacturer, assuming that it is not discovered that the attacker is 
posing as a genuine customer, decrypts the cipher text and returns the 

15 corresponding clear text. Although the returned clear text does not readily 
reveal the decryption key, attackers may select the dummy cipher text 
cleverly so that the returned clear text reveals substantial information about 
the undiscovered key, which may lead the attacker ultimately to discover the 
key through alternative computational means. However, through the 

20 implementation of the one way hash function into the present invention the 
chosen cipher text attack becomes difficult to successfully accomplish, as the 
attacker must also determine the input to the hash function that generates the 
cipher text, which is an inherently difficult task in and of itself. 

Returning to the exemplary embodiment shown in Figure 2, the hash 
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value generated by hash function module 29 is transmitted to a symmetric 
cipher encryption module 31 as an input Another input to a symmetric cipher 
encryption module 31 is a secret key, which is transmitted to a symmetric 
cipher encryption module 31 from secret module 30. The hash value input to 
5 the symmetric cipher encryption module 31 is termed the clear text. The 
encrypted output of the symmetric cipher encryption module 31 is termed the 
cipher text. The cipher text generated at the output of the symmetric cipher 
encryption module 31 is transmitted to the second input 20b of comparator 
20. The first input 20a of comparator 20 is in communication with guess 

10 register 19, which is supplied with the guess passcode for enabling the 
desired functionality of the component by host 1 8. Therefore, the cipher text 
generated by symmetric cipher encryption module 31 is compared to the 
guess passcode inserted into guess register 1 9 by host 1 8. If comparator 20 
determines that the cipher text from symmetric cipher encryption module 31 

15 matches the guess passcode, then an enable signal is sent from the output 
of comparator 20 to OR gate 23. Or gate 23 conducts a logical u OR n 
operation with inputs from comparator 20 and bonding option 25, which was 
discussed with regard to the previous embodiment. Therefore, if either one 
of secret key function enabler 32 or bonding option 25 indicates that the 

20 functionality is to be enabled, then an enable signal is transmitted from the 
output of OR gate 23, which is used to initiate the enabling of the desired 
functionality. 

An example of the operation of secret key function enabler is illustrated 
by the MAC mentioned above. In particular, a MAC is generally programmed 
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with a unique identification number, which is often the address of the MAC 
itself. Therefore, the unique identification number stored in memory 28 of the 
present embodiment can be, for example, a 48 bit MAC address. This 48 bit 
address may be transmitted as pre-image information to a one-way hash 
5 function module 29, for example. The unique identification number is 
processed by a one-way hash function to generate a hash value of a 
predetermined length at the output of hash function module 29. This output 
is then combined with an additional pre-image information in the form of a 
secret key received from secret key module 30, and received as an input to 
1 0 symmetric cipher encryption module 31 . The secret key, which is generally 
programmed into the component or MAC at the factory and generally 
hardcoated, can be, for example, 64 bits long, or another length as required 
by the user. These inputs are processed by symmetric cipher encryption 
module 31 and encrypted to generate cipher text at the output of the 
1 5 symmetric cipher encryption module 31 . This cipher text can be transmitted 
to a second input of comparator 20 for comparison with a "guess passcode" 
supplied to guess register 19 by the user. The process of supplying the 
guess passcode to guess register 19 generally involves the user contacting 
the manufacturer or other party having control over passcodes, often through 
20 host 1 8, to obtain a valid passcode to enter into guess register 1 9. As noted 
above with respect to the previously discussed embodiment, this process of 
contacting the manufacturer may be undertaken via the internet, direct dial 
communications link, or other communications methods. If the guess 
passcode matches the cipher text supplied to comparator 20, then an enable 
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signal is generated at the output of comparator 20. This enable signal is 
transmitted to an input of OR gate 23, where a logical "or" operation is 
conducted with the output of symmetric cipher encryption module 31 and 
bonding option circuit 25. Therefore, if either of symmetric cipher encryption 
5 module 31 or bonding option circuit 25 yield an enable signal, then the 
corresponding functionality of the MAC is enabled, as a logical "1", which may 
correspond to an enable signal, will be generated at the output of the OR 
gate 23. 

Since a symmetric cipher encryption process is reversible by definition, 
10 an embodiment representing the reverse encryption process is shown in 
Figure 3. In this figure, encryption is conducted on the output of register 19 
and not hash function module 29. Further a public key encryption 
configuration is used. Public key configurations generally rely on one key for 
encryption, and a different, but related key for decryption. This 
1 5 implementation renders it generally computationally unfeasible to determine 
the decryption key given only knowledge of the cryptographic algorithm and 
the encryption key. Further, current public key encryption configurations are 
capable of using either of the two related encryption keys for the encryption 
and decryption processes. As such, it is not necessary to undertake the 
20 expense associated with protecting the confidentiality of one of the keys. 
Therefore, the manufacturer can, for example, keep one of the keys secure 
within the manufacturing facility, while the second key may be stored on 
board a component in a physical location that, for example, may be 
accessible to an attacker without substantial effort. Although an attacker may 
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be able to extract the on-board key from the component, it will be essentially 
useless for purposes of enabling the functionality of a component without 
being able to determine the corresponding secret key held by the 
manufacturer. This configuration provides an advantage over the previous 
5 embodiments, as the manufacturer has complete control over the security of 
the key held within the manufacturing facility, and therefore, need not worry 
about preventing an attacker from being able to extract an on board key from 
a component. This reduces design phase problems and decreases 
manufacturing costs, as the additional design and manufacturing costs 
1 0 associated with protecting an on board key are eliminated. 

Returning to the exemplary embodiment shown in Figure 3, host 18 is 
again in communication with memory 28, which contains an identification 
number that may correspond to the component to be enabled by public key 
encryption device 33. Memory 28 communicates the component identification 
15 number to hash function module 29 as a pre-image input. Hash function 
module 29, which is a necessary component in public key system 31 , unlike 
secret key function enabler 32, processes the pre-image input and generates 
a hash value at an output of hash function module 29. Figure 3 illustrates 
hash function module 29 as a module for executing a one way hash function, 
20 as this type of function offers greater security against attackers. The hash 
value generated by hash function module 29 is transmitted to the second 
input 20b of comparator 20. Further, host 1 8 also obtains a guess passcode 
that is transmitted to guess register 1 9. This guess passcode, as noted in the 
previous embodiments, is generally obtained from the manufacturer. The 
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passcode is then transmitted as clear text to public key encryption module 35. 
Additionally, public key module 34, which contains the previously discussed 
public key for the device therein, transmits a public key to public key 
encryption module 35. As such, public key encryption module receives both 
5 the guess passcode and the public key as clear text inputs. These two inputs 
are processed/encrypted by public key encryption module 35 to generate 
cipher text at the output of public key encryption module 35. This cipher text 
is transmitted to the first input 20a of comparator 20. Comparator 20 then 
compares the cipher text received from public key encryption module 35 

10 representing the guess passcode to the hash value generated by hash 
function module 29 representing the identification number of the component. 
If comparator 20 determines that these two values match, then an enable 
signal is output from comparator 20 indicating that public key encryption 
device 33 has determined that the guess passcode is authentic and that the 

1 5 corresponding functionality of the component should be enabled. The output 
of comparator 20, in similar fashion to the previously discussed embodiment, 
* is transmitted to an input of OR gate 23, while another input of OR gate 23 is 
connected to the output of a bonding option circuit 25. Therefore, the 
manufacturer has the option of enabling the functionality of the component 

20 even if the public key or other information relevant to the enabling process 
was not programmed into the component at the manufacturing or design 
stages of the component. 

In another exemplary embodiment of the present invention, shown in 
Figure 4, the identification number discussed in the previous embodiments 
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is eliminated from the configuration. In place of the identification number and 
the device for storing such in the previous embodiments, the embodiment of 
Figure 4 utilizes a random sequence generator 36, which is configured to 
generate a random sequence of bits of a predetermined length. These 
5 randomly generated bits essentially correspond to the identification number 
used in the previous embodiments, however, since the random bits are 
generated on board, the need to program these bits into the component at the 
design and/or manufacturing stage is eliminated for the manufacturer. 
Further, since these bits are not programmed into the chip, another factor in 
1 0 the encryption process is unavailable for an attacker to utilize in an attack on 
the component. 

Aside from the lack of the identification number being stored on board 
the component, the embodiment of Figure 4 is essentially identical to the 
previously discussed public key encryption device 33. Therefore, in view of 

1 5 the discussion of the components of the public key encryption device 33, the 
discussion of the embodiment of Figure 4 will focus upon the random 
sequence generator 36. Furthermore, the substitution of a secret key scheme 
of Figure 2 in place of the shown public key scheme is anticipated within the 
scope of the present invention. Although various configurations and devices 

20 are known as acceptable random number generators for cryptographic 
purposes, the embodiment of Figure 4 illustrates the use of a linear feedback 
shift register (LFSR) 37 in conjunction with a ring oscillator configuration 40 
in order to generate the desired random number. However, it would be 
understood by those skilled in the art that various alternative apparatuses and 
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devices for generating the desired random number could be employed in 
place of the a linear feedback shift register 37 and the ring oscillator 
configuration 40 without departing from the scope of the present invention. 
Generally, the exemplary random sequence generator 36 is configured to 
5 receive a run signal at an input to the generator. This input indicates that the 
generator is to output a random number for use by the random id based 
enabler 41 . After receiving a run signal and generating the desired random 
number, the random number is transmitted to the input of hash function 
module 29 as pre-image information. Additionally, the random number is 

10 communicated to host 18. More particularly, the run signal received by 
random sequence generator 36 is received at a first input of NAND gate 38. 
The output of NAND gate 38 is transmitted to an input of linear feedback shift 
register (LFSR) 37, as well as to the input of a series bank of inverters 39. 
The output of the series bank of inverters 39 is in communication with a 

15 second input of NAND gate 38. As a result of the exemplary configuration 
shown in Figure 4, upon receiving a run signal at the input to random 
sequence generator 36, the cooperative operation of ring oscillator 40 and 
LFSR 37 generate a random number at the output of random sequence 
generator 36. 

20 In operation, random id based enabler 41 first receives a run signal at 

the input to the random sequence generator 36, which operates to initiate the 
generation of the desired random identification number. Once this random 
number is generated, it is transmitted to both hash function module 29 and 
host 18. Hash function module 29, which is once again shown as a one way 
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hash function for exemplary purposes, receives the random number as pre- 
image input and generates a hash value at the output of hash function 
module 29. This hash value is communicated to a second input 20b of 
comparator 20. Additionally, host 18, upon receiving the random number 
5 from to random sequence generator 36, contacts the manufacturer to obtain 
a guess passcode corresponding to the random number generated by 
random sequence generator 36. The manufacturer, having the private key 
corresponding to the public key of random id based enabler 41 , generates a 
guess passcode corresponding to the public key of random id based enabler 

10 41 from the private key and an encryption/decryption algorithm. The guess 
passcode generated by the manufacturer is then transmitted to host 1 8. 
Upon receiving the guess passcode from the manufacturer corresponding to 
the to random number generated by the random sequence generator 36, 
host 18 transmits the guess passcode to guess register 19. Guess register 

15 19 transmits the guess passcode to public key encryption module 35 as clear 
text, where the guess passcode is then encrypted with the public key stored 
in public key module 34 to generate cipher text at the output of public key 
encryption module 35. This cipher text, which, if the key obtained from host 
1 8 is authentic, is calculated to match the hash value output from hash 

20 function module 29, is then transmitted to the first input 20a of comparator 20. 
Comparator 20 compares the calculated cipher text to the hash value 
generated by hash function module 29. If the cipher text matches the hash 
value, an enable signal is transmitted from the output of comparator 20 to an 
input of OR gate 23. Another input of OR gate 23 is again connected to a 
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bonding option circuit 25 to generate a manual override of random id based 
enabler 41 if required. Upon processing the inputs from comparator 20 and 
bonding option circuit 25, assuming that at least one of these inputs is a 
logical high signal, OR gate 23 outputs an enable functionality signal that is 
5 used to initialize enablement of the corresponding functionality. 

Upon consideration of the random id based enabler 41 of the 
embodiment of Figure 4, it is apparent that the need for 
programming/designing a unique component identification into every 
component is removed by the embodiment of Figure 4. However, in the 

10 configuration shown in Figure 4, the component would likely require re- 
enablement upon every startup of the component, as every startup would 
generate a new random number from random sequence generator 36 that 
would not correspond to the previously acquired guess passcode. Therefore, 
although the embodiment of Figure 4 may require additional processing steps 

15 upon initialization in order to fully enable the component, these additional 
processing steps strengthen the security provided by the present exemplary 
embodiment, as a brute force attacker would be required to re-attack the 
component in order to re-enable the functionality. 

Although the present invention has been described based upon the 

20 above noted embodiments, it would be apparent to those of skilled in the art 
that certain modifications, variations, and/or alternative constructions or 
configurations would be available, while remaining within the spirit and scope 
of the invention. In particular, although specific components and algorithms 
are mentioned above with regard to the exemplary embodiments, it is 
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contemplated within the scope of the present invention that the function 
enabler of the present invention may be applicable to various electronic 
components in various configurations. Further, various cryptographic 
algorithms may be used in the present invention without departing from the 
5 true scope of the present invention. Therefore, in order to determine'the true 
scope of the present invention, reference should be made to the following 
claims. 
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Claims: 

1. An apparatus for enabling functionality of a component, said 
apparatus comprising: 

an identification module, said identification module having an 
5 identification number stored therein; 

a hash function module in communication with said identification 
module; 

a host in communication with said identification module; 
a guess register in communication with said host; 
10 an encryption module in communication with said guess register; 

a public key module in communication with said encryption module, 
said public key module having a public key stored therein; and 

a comparator in communication with said encryption module and said 
hash function module, 
15 wherein said comparator compares a first bit string to a second bit 

string to generate a function enable output for the component. 

2. An apparatus for enabling functionality of a component as 
recited in claim 1, wherein said identification module further comprises an 
onboard non-volatile register. 

20 3. An apparatus for enabling functionality of a component as 

recited in claim 1 , wherein said hash function module further comprises a 
one - wa y hash function module configured to receive a pre-image input and 
, output a hash value using a one-way hash function algorithm. 

4. An apparatus for enabling functionality of a component as 
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recited in claim 1 , wherein said encryption module further comprises a public 
key encryption module, said public key encryption module being configured 
to receive the public key and a guess passcode as inputs and generate a 
ciphertext bit string as an output. 
5 5. An apparatus for enabling functionality of a component as 

recited in claim 1, wherein said apparatus further comprises a selecting 
device for selecting at least one of the function enable output and a bonding 
option output. 

6. An apparatus for enabling functionality of a component as 
10 recited in claim 5, wherein said selecting device further comprises an OR 

gate having at least one input for receiving said function enable output and 
the bonding option output. 

7. An apparatus for enabling functionality of a component as 
recited in claim 6, said apparatus further comprising a bonding option circuit, 

1 5 said bonding option circuit comprising; 

a pull up resistor in communication with said OR gate and a power 
supply; and 

a switch in communication with a ground potential and said OR gate. 

8. An apparatus for enabling functionality of a component as 
20 recited in claim 5, wherein said selecting device further comprises: 

a multiplexer having at least one multiplexer input in communication 
with the comparator and a multiplexer output; 

a selection circuit in communication with the at least one multiplexer 

input; 
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a bonding option circuit in communication with the at least one 
multiplexer input, 

wherein said multiplexer is configured to receive a selection input from 
the selection circuit that is used to determine whether to enable functionality 
5 of said component in accordance with the bonding option output or the 
function enable output. 

9. An apparatus for enabling functionality of a component as 
recited in claim 5, wherein said selecting device further comprises: 

at least one first non-volatile memory location having at least one first 
1 0 selection bit stored therein; 

at least one second non-volatile memory location having at least one 
second selection bit stored therein; and 

an OR gate having a first input, a second inverted input, and a logic 
output, said first input being in communication with said at least one first non- 
15 volatile memory location and said second inverted input being in 
communication with said at least one second non-volatile memory location, 

wherein said selection circuit is configured to generate a selection 
indicator on the logic output of the OR gate in accordance with the at least 
one first selection bit and said at least one second selection bit. 
20 10. An apparatus for enabling functionality of a component as 

recited in claim 1 , wherein said first bit string further comprises a ciphertext 
bit string generated by the encryption module. 

11. An apparatus for enabling functionality of a component as 
recited in claim 1, wherein said second bit string further comprises a hash 
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value generated by said hash function module. 

12. An apparatus for enabling functionality of a component as 
recited in claim 1 , wherein said component further comprises at least one of 
a network switch and a media access controller. 

13. A component for selectively enabling functionality of an 
electronic device, said component comprising: 

means for generating an encrypted bit string; 
means for acquiring a guess passcode; 

a hash function module in communication with an on board memory, 
said on board memory having a predefined identification number stored 
therein; 

means for determining if the encrypted bit string matches the guess 
passcode; and 

means for outputting a functionality enable signal. 

14. A component for selectively enabling functionality of an 
electronic device as recited in claim 1 3 wherein said means for generating an 
encrypted bit string further comprises: 

a public key encryption module; 

a public key module in communication with said public key encryption 
module, said public key module having a public key stored therein; and 

a guess register in communication with said public key encryption 
module, 

wherein said public key encryption module receives the guess 
passcode from the guess register and the public key from the public key 
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module in order to generate a ciphertext bit string. 

15. A component for selectively enabling functionality of an 
electronic device as recited in claim 13, wherein said means for acquiring a 
guess passcode comprises: 

5 a host in communication with said means for generating an encrypted 

bit string; 

an identification module in communication with said host, 
wherein said host is configured to communicate with a manufacturer 
of the component to request the guess passcode corresponding to an 
10 identification number stored in said identification module. 

16. A component for selectively enabling functionality of an 
electronic device as recited in claim 13, wherein said hash function module 
further comprises: 

an on board memory, said on board memory having an identification 
1 5 number stored therein; and 

a one-way hash function module in communication with said on board 
memory, 

wherein said one-way hash function module receives an identification 
number from said on board memory and generates a corresponding hash 
20 value therefrom. 

17. A component for selectively enabling functionality of an 
electronic device as recited in claim 13, wherein said means for determining 
further comprises a comparator. 

18. A component for selectively enabling functionality of an 
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electronic device as recited in claim 13, wherein said means for outputting 
comprises: 

a bonding option circuit; and 

an OR gate in communication with said bonding option circuit and said 
5 means for determining, 

wherein said OR gate receives an input from at least one of said 
bonding option circuit and said means for determining and generates the 
functionality enable signal therefrom. 

19. A component for selectively enabling functionality of an 
1 0 electronic device as recited in claim 1 3, wherein said electronic device further 

comprises at least one of a network switch and a media access controller. 

20. A method for enabling functionality of an electronic component, 
said method comprising the steps of: 

encrypting a first bit string and a second bit string to generate a third 
15 bit string; 

calculating a fourth bit string; 

comparing the fourth bit string to the third bit string; and 
generating a function enable signal in accordance with the 
comparison. 

20 21 . A method for enabling functionality of an electronic component 

as recited in claim 20, wherein said encrypting step further comprises the 
steps of: 

receiving a public key in an encryption module; 
receiving a guess passcode in the encryption module; and 
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encrypting the public key and the guess passcode to generate a 
ciphertext bit string. 

22. A method for enabling functionality of an electronic component 
as recited in claim 20, wherein said calculating step further comprises: 

5 receiving an identification number in a hash function module; and 

generating a hash value corresponding to the identification number. 

23. A method for enabling functionality of an electronic component 
as recited in claim 20, wherein said comparing step further comprises: 

receiving the fourth bit string representing a hash value and the third 
10 bit string representing a cipher text bit string in at least one input of a 
comparator; and 

determining if the fourth bit string matches the third bit string. 

24. A method for enabling functionality of an electronic component 
as recited in claim 20, wherein said generating step further comprises the 

15 step of selecting at least one of a bonding option output and the function 
enable signal as a final enable output 

25. A method for enabling functionality of an electronic component 
as recited in claim 24, wherein said selecting step further comprises the steps 
of: 

20 transmitting the bonding option output to an OR gate as a first input; 

transmitting the function enable signal to the OR gate as a second 
input; and 

generating the final enable output from the OR gate in accordance with 
the first and second inputs. 
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26. A method for enabling functionality of an electronic component 
as recited in claim 20, wherein said encrypting step further comprises the 
step of determining a guess passcode. 

27. A method for enabling functionality of an electronic component 
5 as recited in claim 26, wherein said determining step comprises the steps of: 

requesting the guess passcode from a manufacturer; 

calculating the guess passcode in accordance with a predetermined 
algorithm; and 

transmitting the guess passcode to an on board host. 
10 28. A method for enabling functionality of an electronic component 

as recited in claim 27, wherein said requesting step further comprises the 
steps of contacting a manufacturer through at least one of an internet 
connection, a telephone voice call, and a direct dial connection. 

29. A method for enabling functionality of an electronic component 
15 as recited in claim 20, wherein said electronic component further comprises 

at least one of a network switch and a media, access controller. 

30. An apparatus for enabling functionality of a component, said 
apparatus comprising: 

at least one memory; 
20 an encryption module in communication with said at least one memory; 

a host processor in communication with said at least one memory; and 
a comparing device in communication with said encryption module and 
said at least one memory, 

wherein said comparing device is configured to compare a guess 
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passcode to a bit string generated by said encryption module in order to 
generate an enable output. 

31. An apparatus for enabling functionality of a component as 
recited in claim 30, said apparatus further comprising a hash function module 

5 in communication with said at least one memory and said encryption module. 

32. An apparatus for enabling functionality of a component as 
recited in claim 31, wherein said at least one memory further comprises: 

at least one register in communication with said hash function module 
for storing at least one of a component identification number and a secret 
10 key; and 

a guess register in communication with said host processor and said 
comparing device. 

33. An apparatus for enabling functionality of a component as 
recited in claim 32, wherein said at least one register further comprises: 

15 a first register in communication with said host processor and said 

hash function module, said first register storing a component identification bit 
string therein; and 

a second register in communication with said hash function module, 
said second register storing a predetermined secret key therein. 

20 34. An apparatus for enabling functionality of a component as 

recited in claim 31, wherein said hash function module further comprises a 
one-way hash function module, said one way hash function module being 
configured to receive at least one pre-image input and calculate a hash value 
therefrom. 
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35. An apparatus for enabling functionality of a component as 
recited in claim 34, wherein said one way hash function module is further 
configured to receive a secret key as a first pre-image input and an 
identification number as a second pre-image input. 
5 36. An apparatus for enabling functionality of a component as 

recited in claim 31, wherein said encryption module further comprises a 
symmetric cipher encryption module, said symmetric cipher encryption 
module being configured to receive a hash value from said hash function 
module as clear text, and generate a ciphertext bit string at an output from the 
1 0 clear text. 

37. An apparatus for enabling functionality of a component as 
recited in claim 30, wherein said apparatus further comprises a device for 
selecting at least one of the enable output and a bonding option output. 

38. An apparatus for enabling functionality of a component as 
15 recited in claim 37, wherein said device for selecting further comprises: 

an OR gate having at least one input for receiving said enable output 
and a gate output; and 

a bonding option circuit in communication with said OR gate. 

39. An apparatus for enabling functionality of a component as 
20 recited in claim 38, wherein said bonding option circuit further comprises: 

a pull up resistor in communication with said OR gate and a power 
supply; and 

a switch in communication with a ground potential and said OR gate. 

40. An apparatus for enabling functionality of a component as 
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recited in claim 37, wherein said device for selecting further comprises: 
a multiplexer in communication with said comparing device; 
a selection circuit in communication with said multiplexer; and 
a bonding option circuit in communication with said multiplexer. 
5 41. An apparatus for enabling functionality of a component as 

recited in claim 40, wherein said bonding option circuit further comprises: 
a pull up resistor in communication with said multiplexer and a power 

supply; and 

a switch in communication with a ground potential and said multiplexer. 
10 42. An apparatus for enabling functionality of a component as 

recited in claim 40, wherein said selection circuit further comprises: 

at least one first non-volatile memory location having at least one first 
selection bit stored therein; 

at least one second non-volatile memory location having at least one 
1 5 second selection bit stored therein; and 

an OR gate having a first input, a second inverted input, and a logic 
output, said first input being in communication with said at least one first non- 
volatile memory location and said second inverted input being in 
communication with said at least one second non-volatile memory location, 
20 wherein said selection circuit is configured to generate a selection 

indicator on the logic output of the OR gate in accordance with the at least 
one first selection bit and said at least one second selection bit. 

43. An apparatus for enabling functionality of a component as 
recited in claim 30, wherein said comparing device comprises a comparator. 
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44. An apparatus for enabling functionality of a component as 
recited in claim 30, wherein said component comprises at least one of a 
network switch and a media access controller. 

45. A method for enabling functionality of an electronic component, 
„ 5 said method comprising the steps of: 

encrypting a first bit string and a second bit string to generate an 
encrypted bit string; 

determining a guess passcode; 

comparing the guess passcode to the encrypted bit string; and 
10 generating a function enable signal in accordance with the 

comparison. 

46. A method for enabling functionality of an electronic component 
as recited in claim 45, wherein said encrypting step further comprises the 
steps of: 

15 receiving the first bit string in an encryption module; 

receiving the second bit string in the encryption module; and 
encrypting the first bit string and the second bit string to generate a 
ciphertext bit string. 

47. A method for enabling functionality of an electronic component 
20 as recited in claim 46, wherein said step of receiving a first bit string further 

comprises the steps of: 

transmitting an identification bit string to a hash function module; 
calculating a hash value based on the identification bit string; and 
transmitting the hash value to the encryption module. 



WO 01/33768 PCT/US00/26275 

45 

48. A method for enabling functionality of an electronic component 
as recited in claim 46, wherein said step of receiving a second bit string 
further comprises receiving a secret key, 

49. A method for enabling functionality of an electronic component 
5 as recited in claim 45, wherein said determining step further comprises the 

steps of: 

requesting the guess passcode from a manufacturer; 
calculating the guess passcode in accordance with a predetermined 
algorithm; and 

1 0 transmitting the guess passcode to an on board host. 

50. A method for enabling functionality of an electronic component 
as recited in claim 49 wherein said requesting step further comprises the 
steps of contacting a manufacturer through at least one of an internet 
connection, a telephone voice call, and a direct dial connection. 

15 51 . A method for enabling functionality of an electronic component 

as recited in claim 45, wherein said comparing step further comprises the 
steps of: 

storing the guess passcode in a guess register, said guess register 
being in communication with a comparator; 
20 comparing the guess passcode to the encrypted bit string; 

determining if the guess passcode matches the encrypted string; and 

outputting the function enable signal if a match is determined. 

52. A method for enabling functionality of an electronic component 
as recited in claim 45, said method further comprising the step of selecting at 
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least one of a bonding option output and the function enable signal as a final 
output. 

53. A method for enabling functionality of an electronic component 
as recited in claim 52, wherein said selecting step further comprises the steps 

5 of: 

transmitting a first selection enable bit string to a first input of an OR 

gate; 

transmitting a second selection bit string to a second inverted input of 
the OR gate; 

1 0 conducting a logical OR operation on the first selection enable bit 

string and the second enable bit string to determine a selection result; and 
transmitting the selection result to a multiplexer. 

54. A method for enabling functionality of an electronic component 
as recited in claim 52, wherein said selecting step further comprises the steps 

15 of: 

transmitting the bonding option output to an OR gate as a first input; 
transmitting the function enable signal to the OR gate as a second 
input; and 

generating the final output from the OR gate in accordance with the 
20 first and second inputs. 

55. A component for selectively enabling functionality of an 
electronic device, said component comprising: 

means for encrypting a bit string to generate a ciphertext bit string; 
means for acquiring a guess passcode; 
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means for determining if said ciphertext bit string matches said guess 
passcode; and 

means for outputting a functionality enable signal. 

56. A component for selectively enabling functionality of an 
5 electronic device as recited in claim 55, wherein said means for encrypting 

further comprises: 

a symmetric cipher encryption module; 

means in communication with said symmetric cipher encryption module 
for generating a cleartext bit string; and 
10 a secret key module in communication with said symmetric cipher 

encryption module. 

57. A component for selectively enabling functionality of an 
electronic device as recited in claim 56, wherein said means for generating 
a cleartext bit string further comprises: 

15 an identification module having an identification number stored therein; 

and 

a hash function module in communication with said identification 
module and said symmetric cipher encryption module, 

wherein said hash function module is configured to receive the 
20 identification number as an input and generate a hash value as an output to 
be received by said symmetric cipher encryption module as the cleartext bit 
string. 



i_ 
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58. A component for selectively enabling functionality of an 
electronic device as recited in claim 55, wherein said means for acquiring a 
guess passcode comprises: 

a host in communication with said means for encrypting; and 
5 a guess register in communication with said host, 

wherein said host is configured to communicate with a manufacturer 
of the component to request the guess passcode corresponding to a 
particular electronic device to be enabled. 

59. A component for selectively enabling functionality of an 
1 0 electronic device as recited in claim 55, wherein said means for determining 

further comprises a comparator. 

60. A component for selectively enabling functionality of an 
electronic device as recited in claim 55, wherein said means for outputting 
further comprises: 

15 an OR gate in communication with said means for determining; and 

a bonding option circuit in communication with said OR gate, 
wherein said OR gate is configured to output the functionality enable 

signal determined in accordance with an input from the means for determining 

and an input from the bonding option circuit. 
20 61. A component for selectively enabling functionality of an 

electronic device as recited in claim 55, wherein said electronic device 

comprises at least one of a network switch and a media access controller. 
62. An apparatus for enabling functionality of a component, said 

apparatus comprising: 
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a comparing device having at least one input and an output; 

a memory for receiving and storing at least one bit string therein, said 
memory having a memory output in communication with said comparing 
device; 

5 a guess register for receiving a guess passcode therein, said guess 

register having a guess passcode input and a guess passcode output, said 
guess passcode output being in communication with said comparing device; 
and 

a host in communication with said guess register, 
10 wherein said host is configured to receive and transmit the guess 

passcode to the guess register so that the guess passcode can be compared 
to the at least one bit string stored in said memory, and wherein said memory 
includes a physical limitation preventing unauthorized extraction of the at 
least one bit string stored within said memory. 
15 63. An apparatus for enabling functionality of a component as 

recited in claim 62, wherein said memory further comprises a non-volatile 
register. 

64. An apparatus for enabling functionality of a component as 
recited in claim 63, wherein said non-volatile register further comprises a 96 

20 bit register configured to receive a 32 bit identification and a 64 bit function 
enable key. 

65. An apparatus for enabling functionality of a component as 
recited in claim 62, wherein said memory further comprises a memory located 
on board said component and programmed during manufacturing of said 



WO 01/33768 PCT/US00/26275 

50 

component with a component identification number and a function enable 
key. 

66. An apparatus for enabling functionality of a component as 
recited in claim 65, wherein said function enable key further comprises a 

5 string of at least 64 bits selected by a manufacturer of said component and 
stored in said memory during a manufacturing process. 

67. An apparatus for enabling functionality of a component as 
recited in claim 62, said apparatus further comprising: 

a multiplexer having at least one multiplexer input , in communication 
1 0 with the output of said comparing device, and a multiplexer output; 

a selection circuit in communication with said at least one multiplexer 

input; 

a bonding option circuit in communication with said at least one 
multiplexer input, 

1 5 wherein said multiplexer is configured to receive a selection input from 

said selection circuit that is used to determine whether to enable functionality 
of said component in accordance with a bonding option output or the output 
of the comparing device. 

68. An apparatus for enabling functionality of a component as 
20 recited in claim 67, wherein said selection circuit further comprises: 

at least one first non-volatile memory location having at least one first 
selection bit stored therein; 

at least one second non-volatile memory location having at least one 
second selection bit stored therein; and 
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an OR gate having a first input, a second inverted input, and a logic 
output, said first input being in communication with said at least one first non- 
volatile memory location and said second inverted input being in 
communication with said at least one second non-volatile memory location. 
5 69. An apparatus for enabling functionality of a component as 

recited in claim 67, wherein said bonding option circuit further comprises: 

at least one pull up resistor having a first end and a second end, said 
first end being in communication with said at least one multiplexer input and 
said second end being in communication with a voltage supply; and 
1 o a switch in communication with said at least one multiplexer input and 

a ground reference potential. 

70. An apparatus for enabling functionality of a component as 
recited in claim 62, wherein said comparing device further comprises a 
comparator. 

15 71. An apparatus for enabling functionality of a component as 

recited in claim 62, wherein said component comprises at least one of a 
network switch and a media access controller. 

72. A method for enabling at least one function of a component, 
said method comprising the steps of: 
20 storing a component identification number and a key in a non-volatile 

memory on board said component; 

transmitting a bit string composed of the key to a first input of a 
comparing device ; 

transmitting a manufacturer's key corresponding to the component 
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identification number to a second input of the comparing device; and 

comparing the bit string to the manufacturers key to generate an 
enable output, 

wherein said non-volatile memory is manufactured with a physical 
5 limitation for preventing an attacker from extracting information from said non- 
volatile memory. 

73. A method for enabling at least one function of a component as 
recited in claim 72, wherein said method further comprises the steps of: 

generating a bonding option output; and 
10 selecting at least one of the bonding option output and the enable 

output for use in enabling functionality of the component. 

74. A method for enabling at least one function of a component as 
recited in claim 73, wherein said selecting step further comprises the steps 
of: 

15 transmitting a first selection enable bit string to a first input of an OR 

gate; 

transmitting a second selection bit string to a second inverted input of 
the OR gate; 

conducting a logical OR operation on the first selection enable bit 
20 string and the second enable bit string to determine a selection result; and 
transmitting the selection result to a multiplexer. 

75. A method for enabling at least one function of a component as 
recited in claim 72, wherein said step of transmitting a manufacturers key 
further comprises the steps of: 
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transmitting the component identification number to the manufacturer; 
determining the manufacturers key that corresponds to the component 
identification number of the component; 

transmitting the determined manufacturers key to a host on board the 
5 component; and 

transmitting the determined manufacturers key to a guess register via 
an interface. 

76. A method for enabling at least one function of a component as 
recited in claim 75, wherein the determining step further comprises the steps 

10 of: 

receiving the component identification number; and 
searching through a database to locate the manufacturers key 
corresponding to the component identification number. 

77. A method for enabling at least one function of a component as 
1 5 recited in claim 75, wherein the determining step further comprises the steps 

of: 

receiving the component identification number; and 

calculating a manufacturers key corresponding to the component 
identification number through the use of a predefined algorithm. 
20 78. A method for selectively enabling functionality of an electronic 

component, said method comprising the steps of: 

storing a bit string in an onboard memory of a component; 

determining a manufacturers key; 

comparing the bit string to the determined manufacturers key; and 
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enabling functionality of the component in accordance with the 
comparison. 

79. A method for selectively enabling functionality of an electronic 
component as recited in claim 78, wherein said storing step further comprises 

5 storing a unique bit string in a non-volatile memory having a physical 
limitation manufactured therein to prevent unauthorized extraction of the bit 
string. 

80. A method for selectively enabling functionality of an electronic 
component as recited in claim 78, wherein the step of storing the bit string 

1 0 further comprises: 

storing a unique component identification number in the memory; and 
storing a predetermined cryptographic key in the memory. 

81 . A method for selectively enabling functionality of an electronic 
component as recited in claim 80, wherein both of said storing steps are 

1 5 accomplished during a manufacturing stage of the component. 

82. A method for selectively enabling functionality of an electronic 
component as recited in claim 78, wherein said determining step further 
comprises: 

requesting a manufacturers key from a manufacturer; and 
20 receiving the manufacturers key from the manufacturer. 

83. A method for selectively enabling functionality of an electronic 
component as recited in claim 82, wherein said requesting step is conducted 
through an internet connection using at least one host processor. 

84. A method for selectively enabling functionality of an electronic 
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component as recited in claim 82, wherein said requesting step is conducted 
through voice communication. 

85. A method for selectively enabling functionality of an electronic 
component as recited in claim 78, wherein said determining step further 

5 comprises indexing into a database of manufacturers keys with a component 
identification to determine the manufacturers key corresponding to the 
component identification. 

86. A method for selectively enabling functionality of an electronic 
component as recited in claim 78, wherein said determining step further 

10 comprises calculating the manufacturers key based upon a component 
identification in accordance with a predetermined algorithm. 

87. A method for selectively enabling functionality of an electronic 
component as recited in claim 86, wherein said calculating step further 
comprises calculating the manufacturers key with a predefined cryptographic 

15 algorithm. 

88. A method for selectively enabling functionality of an electronic 
component as recited in claim 78, wherein said comparing step further 
comprises: 

transmitting the bit string representing both a component identification 
20 number and a predetermined cryptographic key to a first input of a 
comparator; 

transmitting the manufacturers key to a second input of the 
comparator; and 

comparing the bit string to the manufacturers key to determine a 
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match; and 

outputting an enable signal if a match is determined. 

89. A method for selectively enabling functionality of an electronic 
component as recited in claim 88, wherein said enabling step further 

5 comprises: 

receiving the enable signal at a first input of a multiplexer; 
receiving a bonding option signal at a second input of the multiplexer; 
receiving a selection input at a third input of the multiplexer; 
determining to use at least one of the enable signal and the bonding 
10 option signal; and 

outputting a final enable signal from the multiplexer in accordance with 
the determination. 

90. An apparatus for enabling functionality of an electronic 
component, said apparatus comprising: 

15 at least one means for storing a bit string; 

means for transmitting and receiving information, said means for 
transmitting and receiving information being in communication with said 
means for storing; and 

means for comparing a predefined bit string with a guess bit string, 
20 said means for comparing being in communication with said at least one 
means for storing, 

wherein said means for comparing receives at least two inputs from 
said at least one means for storing and compares the at least two inputs to 
determine an enable output for the electronic component. 
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91. An apparatus for enabling functionality of an electronic 
component as recited in claim 90, wherein said at least one means for storing 
further comprises: 

a non-volatile memory in communication with said means for 
5 transmitting and receiving and said means for comparing; and 

a guess register in communication with said means for transmitting and 
receiving and said means for comparing. 

92. An apparatus for enabling functionality of an electronic 
component as recited in claim 91, wherein said means for transmitting and 

1 0 receiving information further comprises: 

an interface in communication with said at least one means for storing; 

and 

a host processor in communication with said interface, 
wherein said host processor is configured to communicate with 
1 5 external devices in order to receive a guess passcode. 

93. An apparatus for enabling functionality of an electronic 
component as recited in claim 91 , wherein said means for comparing further 
comprises a comparator having at least one input and an output, said at least 
one input being configured to receive the bit string from said non-volatile 

20 memory and a guess passcode from said guess register. 

94. An apparatus for enabling functionality of an electronic 
component as recited in claim 90, said apparatus further comprising: 

a multiplexer in communication with said means for comparing; 

a bonding option circuit in communication with said multiplexer, and 
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selection circuit in communication with said multiplexer. 

95. An apparatus for enabling functionality of an electronic 
component as recited in claim 94, wherein said bonding option circuit further 
comprises: 

5 at least one pull up resistor in communication with multiplexer and a 

voltage supply; and 

a switch in communication with said multiplexer and a ground 
reference potential. 

96. An apparatus for enabling functionality of an electronic 
10 component as recited in claim 94, wherein said selection circuit further 

comprises: 

at least one first non-volatile memory location having at least one first 
selection bit stored therein; 

at least one second non-volatile memory location having at least one 
1 5 second selection bit stored therein; and 

an OR gate having a first input, a second inverted input, and a logic 
output, said first input being in communication with said at least one first non- 
volatile memory location and said second inverted input being in 
communication with said at least one second non-volatile memory location, 
20 wherein said selection circuit is configured to generate a selection 

indicator on the logic output of the OR gate in accordance with the at least 
one first selection bit and said at least one second selection bit. 

97. An apparatus for enabling functionality of an electronic 
component as recited in claim 90, wherein said electronic component further 
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comprises at least one of a network switch and a media access controller. 

98. An apparatus for enabling functionality of a component, said 
apparatus comprising: 

a random number generating module for generating a random number; 
5 a hash function module in communication with said random number 

generating module; 

a host in communication with said random number generating module; 

at least one memory in communication with said host; 

an encryption module in communication with said at least one memory; 

10 and 

a comparing device in communication with said encryption module and 
said hash function module, 

wherein said comparing device compares a first bit string to a second 
bit string to generate a function enable output for the component. 
15 99. An apparatus for enabling functionality of a component as 

recited in claim 98, wherein said hash function module further comprises a 
one-way hash function module configured to receive a pre-image input and 
output a hash value using a one-way hash function algorithm. 

100. An apparatus for enabling functionality of a component as 
20 recited in claim 98, wherein said encryption module further comprises a public 

key encryption module, said public key encryption module being configured 
to receive a public key and a guess passcode from said at least one memory 
as inputs and generate a ciphertext bit string as an output. 

101. An apparatus for enabling functionality of a component as 
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recited in claim 98, wherein said at least one memory further comprises: 

a guess register in communication with said host and said encryption 
module, said guess register being configured to receive a guess passcode 
from said host; and 

5 a public key module in communication with said encryption module, 

said public key module being configured to store a public key therein. 

102. An apparatus for enabling functionality of a component as 
recited in claim 98, wherein said random number generating module further 
comprises: 

10 a linear feedback shift register in communication with said hash 

function module; 

a NAND gate in communication with said linear feedback shift register; 

and 

at least one inverter in communication with said linear feedback shift 
1 5 register and said NAND gate, 

wherein said NAND gate is configured to receive an activation pulse 
and said linear feedback shift register is configured to output a random 
number. 

103. An apparatus for enabling functionality of a component as 
20 recited in claim 98, wherein said apparatus further comprises a selecting 

device for selecting at least one of the function enable output and a bonding 
option output. 

104. An apparatus for enabling functionality of a component as 
recited in claim 103, wherein said selecting device further comprises an OR 
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gate having at least one input for receiving the function enable output and the 
bonding option output. 

105. An apparatus for enabling functionality of a component as 
recited in claim 104, said apparatus further comprising a bonding option 

5 circuit, said bonding option circuit comprising; 

a pull up resistor in communication with said OR gate and a power 
supply; and 

a switch in communication with a ground potential and said OR gate. 

106. An apparatus for enabling functionality of a component as 
10 recited in claim 103, wherein said selecting device further comprises: 

a multiplexer having at least one multiplexer input in communication 
with the comparing device and a multiplexer output; 

a selection circuit in communication with the at least one multiplexer 

input; 

15 a bonding option circuit in communication with the at least one 

multiplexer input, 

wherein said multiplexer is configured to receive a selection input from 
the selection circuit that is used to determine whether to enable functionality 
of said component in accordance with the bonding option output or the 
20 function enable output. 

107. An apparatus for enabling functionality of a component as 
recited in claim 106, wherein said selection circuit further comprises: 

at least one first non-volatile memory location having at least one first 
selection bit stored therein; 
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at least one second non-volatile memory location having at least one 
second selection bit stored therein; and 

an OR gate having a first input, a second inverted input, and a logic 
output, said first input being in communication with said at least one first non- 
5 volatile memory location and said second inverted input being in 
communication with said at least one second non-volatile memory location, 

wherein said selection circuit is configured to generate a selection 

indicator on the logic output of the OR gate in accordance with the at least 

* 

one first selection bit and said at least one second selection bit. 
10 108. An apparatus for enabling functionality of a component as 

recited in claim 98, wherein said first bit string further comprises a ciphertext 
bit string generated by the encryption module. 

109. An apparatus for enabling functionality of a component as 
recited in claim 98, wherein said second bit string further comprises a hash 

1 5 value generated by said hash function module. 

110. An apparatus for enabling functionality of a component as 
recited in claim 98, wherein said comparing device further comprises a 
comparator. 

111. An apparatus for enabling functionality of a component as 
20 recited in claim 98, wherein said component further comprises at least one of 

a network switch and a media access controller. 

112. A component for selectively enabling functionality of an 
electronic device, said component comprising: 

means for generating a random bit string; 
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a hash function module in communication with said means for 
generating; 

means for acquiring a guess passcode in communication with said 
means for generating; 
5 an encryption module in communication with said means for acquiring; 

and 

a comparing device in communication with said encryption module and 
said hash function module, said comparing device having an output for 
transmitting a functionality enable signal therefrom. 
10 113. A component for selectively enabling functionality of an 

electronic device as recited in claim 112, wherein said means for generating 
further comprises a random number generating module, wherein said module 
is configured to receive an initiate signal and output a random number. 

114. A component for selectively enabling functionality of an 
1 5 electronic device as recited in claim 112, wherein said means for generating 
further comprises: 

a linear feedback shift register, said linear feedback shift register 
having an input and an output; 

a NAND gate in communication with said linear feedback shift register, 
20 said NAND gate having at least one input and an output; and 

a bank of inverters in a series configuration, an input to said bank of 
inverters being in communication with said output of said NAND gate and said 
input of said linear feedback shift register, 

wherein said at least one input of said NAND gate receives an 
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activation signal the initiates said linear feedback shift register to generate a 
random number on the output of said linear feedback shift register. 

115. A component for selectively enabling functionality of an 
electronic device as recited in claim 112, wherein said hash function module 

5 further comprises a one-way hash function module configured to receive a 
pre-image input and output a hash value in accordance with a one-way hash 
function algorithm. 

116. A component for selectively enabling functionality of an 
electronic device as recited in claim 1 12, wherein said means for acquiring 

10 a guess passcode further comprises: 

a host in communication with said means for generating; and 
a guess register in communication with said host, 
wherein said host is configured to receive a guess passcode from a 
manufacturer corresponding to the random bit string. 
15 117. A component for selectively enabling functionality of an 

electronic device as recited in claim 112, wherein said encryption module 
further comprises: 

a public key encryption module; and 

a public key module in communication with said public key encryption 
20 module, 

wherein said public key encryption module is configured to receive a 
public key from said public key module and a guess passcode from said 
means for acquiring, and generate a ciphertext bit string therefrom. 

118. A component for selectively enabling functionality of an 
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electronic device as recited in claim 112, said component further comprising: 
a bonding option circuit in communication with said comparing device; 

and 

an OR gate in communication with said comparing device, 
5 wherein said OR gate is configured to select the functionality enable 

signal from the comparator or an output from the bonding option circuit in 
order to generate a final enable output. 

119. A component for selectively enabling functionality of an 
electronic device as recited in claim 118, wherein said bonding option circuit 

1 0 further comprises: 

a pull-up resistor in communication with said OR gate and a power 
supply; and 

a switch in communication with said OR gate and a ground potential. 

120. A component for selectively enabling functionality of an 
15 electronic device as recited in claim 112, wherein said comparing device 

further comprises a comparator. 

121. A component for selectively enabling functionality of an 
electronic device as recited in claim 112, wherein said electronic component 
further comprises at least one of a network switch and a media access 

20 controller. 

1 22. A method for enabling functionality of an electronic component, 
said method comprising the steps of: 

generating a random number; 

calculating a first bit string from the random number; 
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determining a second bit string corresponding to the random number; 
encrypting the second bit string with a public key to generate a third 
bit string; 

comparing the third bit string to the first bit string to determine a match; 
5 outputting a function enable signal in accordance with the comparison. 

1 23. A method for enabling functionality of an electronic component 
as recited in claim 122, wherein said step of calculating a first bit string 
further comprises calculating a hash value of said random number. 

1 24. A method for enabling functionality of an electronic component 
10 as recited in claim 122 wherein said determining step further comprises the 

steps of: 

transmitting the random number to a manufacturer 

calculating a guess passcode corresponding to the random number; 

and 

1 5 receiving the guess passcode in a host. 

1 25. A method for enabling functionality of an electronic component 
as recited in claims 122, wherein said encrypting step further comprises the 
steps of: 

receiving a guess passcode from a host; 
20 receiving a public key; and 

encrypting the guess passcode and the public key to generate a 
ciphertext bit string. 
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1 26. A method for enabling functionality of an electronic component 
as recited in claim 1 22, wherein said comparing step further comprises the 
steps of: 

receiving the third bit string at a first input of a comparator; 
5 receiving the first bit string at a second input of the comparator; 

determining if the first bit string matched the second bit string; and 
outputting a match signal if a match is determined. 

1 27. A method for enabling functionality of an electronic component 
as recited in claim 122, wherein said outputting step further comprises the 

1 0 step of determining a final output enable signal from a bonding option output 
signal and the function enable signal. 

1 28. A method for enabling functionality of an electronic component 
as recited in claim 127, wherein said determining a final output step further 
comprises the steps of: 

15 receiving the bonding option output signal at a first input of an OR 

gate; 

receiving the function enable signal at a second input of the OR gate; 

and 

outputting a final output enable signal from the OR gate in accordance 
20 with the first and second inputs. 

1 29. A method for enabling functionality of an electronic component 
as recited in claim 124, wherein said transmitting step further comprises 
communicating with the manufacturer through at least one of an internet 
connection, a dial up connection, and a voice connection to obtain the guess 
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passcode. 

1 30. A method for enabling functionality of an electronic component 
as recited in claim 122, wherein said electronic component further comprises 
at least one of a network switch and a media access controller. 
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